package com.blogSystem.user.config;

import com.blogSystem.user.dao.AdminDao;
import com.blogSystem.user.dao.UserDao;
import com.blogSystem.user.filter.JWTAuthenticationFilter;
import com.blogSystem.user.filter.JWTAuthorizationFilter;
import com.blogSystem.user.pojo.Admin;
import com.blogSystem.user.service.SuperService;
import com.blogSystem.user.service.UserDetailsServiceImpl;
import com.blogSystem.user.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.servlet.WebSecurityEnablerConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import util.JwtUtil;

import java.net.InetAddress;

/**
 * 安全配置类
 */


@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private AdminDao adminDao;

    @Autowired
    private JwtUtil jwtUtil;

    @Autowired
    private BCryptPasswordEncoder bCryptPasswordEncoder;

    @Override
    protected void configure(HttpSecurity http) throws Exception {

      InetAddress addr = InetAddress.getLocalHost();
        http.authorizeRequests()
                .antMatchers("/**/login").permitAll()

                .antMatchers("/super/**").hasRole("SUPER")
                .antMatchers("/user/changename").hasRole("USER")
                .antMatchers("/user/sendsms").permitAll()
                .antMatchers("/user/reister").permitAll()
                .antMatchers("/user/info/**").permitAll()
                .antMatchers("/user/sendsmschange").hasRole("USER")
                .antMatchers("/user/changepass").hasRole("USER")
                .antMatchers("/user/space").hasRole("USER")
                .antMatchers("/user/changeinfo").hasRole("USER")
                .antMatchers("/admin/**").hasRole("ADMIN")
                  .antMatchers("/user/getUserById").permitAll()
          .antMatchers("/user/upload").hasRole("USER")
          .antMatchers("/user/update").hasRole("USER")
          .antMatchers("/user/getUserByName").hasIpAddress(addr.getHostAddress())
          .antMatchers("/user/concer/**").permitAll()


                .anyRequest().authenticated()//认证
                .and().csrf().disable()
                .addFilter(new JWTAuthenticationFilter(authenticationManager()))
                .addFilter(new JWTAuthorizationFilter(authenticationManager()))
        ;//关闭csrf拦截



    }

    @Autowired
    private UserDetailsServiceImpl userDetailsService;

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService)
                .passwordEncoder(bCryptPasswordEncoder);//passwoldEncoder是对密码的加密处理，如果user中密码没有加密，则可以不加此方法。注意加密请使用security自带的加密方式。
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues());
        return source;
    }
}
